MISP
/
mail_to_misp
mirror of https://github.com/MISP/mail_to_misp
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: benign attachment in FW email 

Fix #25
pull/31/head
Raphaël Vinot 2018-08-02 11:51:11 +02:00
parent 5ec8a2fa90
commit c823e5496c
2 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
mail2misp/mail2misp.py
View File

@ -111,6 +111,10 @@ class Mail2MISP():
for attachment_name, attachment in email_object.attachments: for attachment_name, attachment in email_object.attachments:
if not attachment_name: if not attachment_name:
attachment_name = 'NameMissing.txt' attachment_name = 'NameMissing.txt'
if self.config_from_email_body.get('attachment') == self.config.m2m_benign_attachment_keyword:
a = self.misp_event.add_attribute('attachment', value=attachment_name, data=attachment)
email_object.add_reference(a.uuid, 'related-to', 'Email attachment')
else:
f_object, main_object, sections = make_binary_objects(pseudofile=attachment, filename=attachment_name, standalone=False) f_object, main_object, sections = make_binary_objects(pseudofile=attachment, filename=attachment_name, standalone=False)
self.misp_event.add_object(f_object) self.misp_event.add_object(f_object)
if main_object: if main_object:

8
tests/tests.py
View File

@ -52,6 +52,14 @@ class TestMailToMISP(unittest.TestCase):
event = self.mail2misp.add_event() event = self.mail2misp.add_event()
print(event) print(event)
def test_benign(self):
config = importlib.import_module('tests.config_forward')
self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)
with open('tests/mails/test_benign.eml', 'rb') as f:
self.mail2misp.load_email(BytesIO(f.read()))
self.mail2misp.process_email_body()
self.mail2misp.process_body_iocs()
self.assertTrue('attachment' in [a.type for a in self.mail2misp.misp_event.attributes])
if __name__ == '__main__': if __name__ == '__main__':
unittest.main() unittest.main()